2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 #include "openssl_ec_public_key.h"
18 #include "openssl_util.h"
22 #include <openssl/evp.h>
23 #include <openssl/ecdsa.h>
24 #include <openssl/x509.h>
26 typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t
;
29 * Private data structure with signing context.
31 struct private_openssl_ec_public_key_t
{
33 * Public interface for this signer.
35 openssl_ec_public_key_t
public;
49 * Verification of a signature as in RFC 4754
51 static bool verify_signature(private_openssl_ec_public_key_t
*this,
52 chunk_t hash
, chunk_t signature
)
57 sig
= ECDSA_SIG_new();
60 /* split the signature chunk in r and s */
61 if (openssl_bn_split(signature
, sig
->r
, sig
->s
))
63 valid
= (ECDSA_do_verify(hash
.ptr
, hash
.len
, sig
, this->ec
) == 1);
71 * Verify a RFC 4754 signature for a specified curve and hash algorithm
73 static bool verify_curve_signature(private_openssl_ec_public_key_t
*this,
74 signature_scheme_t scheme
, int nid_hash
,
75 int nid_curve
, chunk_t data
, chunk_t signature
)
77 const EC_GROUP
*my_group
;
82 req_group
= EC_GROUP_new_by_curve_name(nid_curve
);
85 DBG1("signature scheme %N not supported in EC (required curve "
86 "not supported)", signature_scheme_names
, scheme
);
89 my_group
= EC_KEY_get0_group(this->ec
);
90 if (EC_GROUP_cmp(my_group
, req_group
, NULL
) != 0)
92 DBG1("signature scheme %N not supported by private key",
93 signature_scheme_names
, scheme
);
96 EC_GROUP_free(req_group
);
97 if (!openssl_hash_chunk(nid_hash
, data
, &hash
))
101 valid
= verify_signature(this, hash
, signature
);
107 * Verification of a DER encoded signature as in RFC 3279
109 static bool verify_der_signature(private_openssl_ec_public_key_t
*this,
110 int nid_hash
, chunk_t data
, chunk_t signature
)
115 /* remove any preceding 0-bytes from signature */
116 while (signature
.len
&& signature
.ptr
[0] == 0x00)
118 signature
= chunk_skip(signature
, 1);
120 if (openssl_hash_chunk(nid_hash
, data
, &hash
))
122 valid
= ECDSA_verify(0, hash
.ptr
, hash
.len
,
123 signature
.ptr
, signature
.len
, this->ec
);
130 * Implementation of public_key_t.get_type.
132 static key_type_t
get_type(private_openssl_ec_public_key_t
*this)
138 * Implementation of public_key_t.verify.
140 static bool verify(private_openssl_ec_public_key_t
*this,
141 signature_scheme_t scheme
, chunk_t data
, chunk_t signature
)
145 case SIGN_ECDSA_WITH_SHA1_DER
:
146 return verify_der_signature(this, NID_sha1
, data
, signature
);
147 case SIGN_ECDSA_WITH_SHA256_DER
:
148 return verify_der_signature(this, NID_sha256
, data
, signature
);
149 case SIGN_ECDSA_WITH_SHA384_DER
:
150 return verify_der_signature(this, NID_sha384
, data
, signature
);
151 case SIGN_ECDSA_WITH_SHA512_DER
:
152 return verify_der_signature(this, NID_sha512
, data
, signature
);
153 case SIGN_ECDSA_WITH_NULL
:
154 return verify_signature(this, data
, signature
);
156 return verify_curve_signature(this, scheme
, NID_sha256
,
157 NID_X9_62_prime256v1
, data
, signature
);
159 return verify_curve_signature(this, scheme
, NID_sha384
,
160 NID_secp384r1
, data
, signature
);
162 return verify_curve_signature(this, scheme
, NID_sha512
,
163 NID_secp521r1
, data
, signature
);
165 DBG1("signature scheme %N not supported in EC",
166 signature_scheme_names
, scheme
);
172 * Implementation of public_key_t.get_keysize.
174 static bool encrypt_(private_openssl_ec_public_key_t
*this,
175 chunk_t crypto
, chunk_t
*plain
)
177 DBG1("EC public key encryption not implemented");
182 * Implementation of public_key_t.get_keysize.
184 static size_t get_keysize(private_openssl_ec_public_key_t
*this)
186 return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec
));
190 * Calculate fingerprint from a EC_KEY, also used in ec private key.
192 bool openssl_ec_fingerprint(EC_KEY
*ec
, key_encoding_type_t type
, chunk_t
*fp
)
198 if (lib
->encoding
->get_cache(lib
->encoding
, type
, ec
, fp
))
204 case KEY_ID_PUBKEY_SHA1
:
205 key
= chunk_alloc(i2o_ECPublicKey(ec
, NULL
));
207 i2o_ECPublicKey(ec
, &p
);
209 case KEY_ID_PUBKEY_INFO_SHA1
:
210 key
= chunk_alloc(i2d_EC_PUBKEY(ec
, NULL
));
212 i2d_EC_PUBKEY(ec
, &p
);
217 hasher
= lib
->crypto
->create_hasher(lib
->crypto
, HASH_SHA1
);
220 DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
224 hasher
->allocate_hash(hasher
, key
, fp
);
225 hasher
->destroy(hasher
);
227 lib
->encoding
->cache(lib
->encoding
, type
, ec
, *fp
);
232 * Implementation of private_key_t.get_fingerprint.
234 static bool get_fingerprint(private_openssl_ec_public_key_t
*this,
235 key_encoding_type_t type
, chunk_t
*fingerprint
)
237 return openssl_ec_fingerprint(this->ec
, type
, fingerprint
);
241 * Implementation of private_key_t.get_encoding.
243 static bool get_encoding(private_openssl_ec_public_key_t
*this,
244 key_encoding_type_t type
, chunk_t
*encoding
)
250 case KEY_PUB_SPKI_ASN1_DER
:
252 *encoding
= chunk_alloc(i2d_EC_PUBKEY(this->ec
, NULL
));
254 i2d_EC_PUBKEY(this->ec
, &p
);
263 * Implementation of public_key_t.get_ref.
265 static public_key_t
* get_ref(private_openssl_ec_public_key_t
*this)
268 return &this->public.interface
;
272 * Implementation of openssl_ec_public_key.destroy.
274 static void destroy(private_openssl_ec_public_key_t
*this)
276 if (ref_put(&this->ref
))
280 lib
->encoding
->clear_cache(lib
->encoding
, this->ec
);
281 EC_KEY_free(this->ec
);
288 * Generic private constructor
290 static private_openssl_ec_public_key_t
*create_empty()
292 private_openssl_ec_public_key_t
*this = malloc_thing(private_openssl_ec_public_key_t
);
294 this->public.interface
.get_type
= (key_type_t (*)(public_key_t
*this))get_type
;
295 this->public.interface
.verify
= (bool (*)(public_key_t
*this, signature_scheme_t scheme
, chunk_t data
, chunk_t signature
))verify
;
296 this->public.interface
.encrypt
= (bool (*)(public_key_t
*this, chunk_t crypto
, chunk_t
*plain
))encrypt_
;
297 this->public.interface
.get_keysize
= (size_t (*) (public_key_t
*this))get_keysize
;
298 this->public.interface
.equals
= public_key_equals
;
299 this->public.interface
.get_fingerprint
= (bool(*)(public_key_t
*, key_encoding_type_t type
, chunk_t
*fp
))get_fingerprint
;
300 this->public.interface
.get_encoding
= (bool(*)(public_key_t
*, key_encoding_type_t type
, chunk_t
*encoding
))get_encoding
;
301 this->public.interface
.get_ref
= (public_key_t
* (*)(public_key_t
*this))get_ref
;
302 this->public.interface
.destroy
= (void (*)(public_key_t
*this))destroy
;
313 openssl_ec_public_key_t
*openssl_ec_public_key_load(key_type_t type
,
316 private_openssl_ec_public_key_t
*this;
317 chunk_t blob
= chunk_empty
;
319 if (type
!= KEY_ECDSA
)
326 switch (va_arg(args
, builder_part_t
))
328 case BUILD_BLOB_ASN1_DER
:
329 blob
= va_arg(args
, chunk_t
);
338 this = create_empty();
339 this->ec
= d2i_EC_PUBKEY(NULL
, (const u_char
**)&blob
.ptr
, blob
.len
);
345 return &this->public;